Wednesday 15 September 2010

HJT Analyst, something for You?

I often get asked: How do I become a HijackThis Analyst?
The answer to this question isn't going to be a quick one.



Prologue

Actually the term "HijackThis Analyst" is old-fashioned and dates from the days when most malware could be identified and solved with the HijackThis tool (originally written by Merijn).

"Anti Malware Analyst" is a more up-to-date and accurate description.

Today we are confronted with rootkits and bootkits (often the result of exploit abuse), and therefore it's necessary to make use of alternative tools.

ComboFix (sUBs), DDS (sUBs), OTL (OldTimer), GMER (Gmer) and The Avenger (Swandog46) are the most used nowadays.





Function Description


  • Solving a malware problem posted by the Topic Starter (TS).

  • Analysing and interpreting logs posted by the TS, or requested by the analyst.
This forms the basis for writing a fix and solving the problem.

Solving a malware problem is done in 4 steps:


  1. Analysis / diagnosis: Recognise the symptoms and the malware involved.

  2. Treatment: Writing the fix.

  3. Prognosis: The expected result.

  4. Feedback: Evaluate and adjust the treatment.


Qualifications

  • Know how to read !!!

  • Maturity

  • Inquisitiveness

  • Knowledge of the Windows operating system and its Registry.

  • DOS (batch) knowledge.

  • Stress resistant

  • Persistence


Courses


Nederlands / Dutch : Hijackthis.nl

English / Engels: Bleeping Computer, SWI and Geekstogo.


Conclusion

Solving a malware problem is a very intensive job that can take up a lot of time.

Even more time than you expected.


The difference between an Analyst and a good Analyst is the knowledge you have gathered and the efficiency with which you use that knowledge to solve the problem.

The reward is the intellectual victory you get and, not in the least, the gratitude of the Topic Starter.


Emphyrio :)